fix: prevent path traversal for message_id in file_session_manager

[mehtarac]

Description

Fixing a path_traversal security issue in FileSessionManager specifically in our _get_message_path() method. Currently we don't validate the message_id but we do validate the other id's such as session_id and agent_id

Related Issues

This PR fixes the issue by raising an exception if the message_id contains separators.

Documentation PR

Type of Change

Bug fix
New feature
Breaking change
Documentation update
Other (please describe):

Testing

How have you tested the change? Verify that the changes do not break functionality or introduce warnings in consuming repositories: agents-docs, agents-tools, agents-cli

• I ran hatch run prepare

Checklist

• I have read the CONTRIBUTING document
• I have added any necessary tests that prove my fix is effective or my feature works
• I have updated the documentation accordingly
• I have added an appropriate example to the documentation to outline the feature, or no new docs are needed
• My changes generate no new warnings
• Any dependent changes have been merged and published

---

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.